1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200604-09 / cyrus-sasl |
| Release Date | April 21, 2006 |
| Latest Revision | April 21, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-libs/cyrus-sasl | < 2.1.21-r2 | >= 2.1.21-r2 | All supported architectures |
Related bugreports: #129523
Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service.
Cyrus-SASL is an implementation of the Simple Authentication and Security Layer.
Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service.
An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
There is no known workaround at this time.
All Cyrus-SASL users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/cyrus-sasl-2.1.21-r2"
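To find hosts that still need the upgrade, the following added example (not part of the advisory) flags installed `dev-libs/cyrus-sasl` versions below the fixed `2.1.21-r2`. The "host atom" inventory format, the host names and the sample lines are assumptions constructed for illustration, and only dotted numeric versions with an optional `-rN` revision are compared.

```python
import re

# Package and first unaffected version, from the advisory's table.
PACKAGE = "dev-libs/cyrus-sasl"
FIXED = "2.1.21-r2"

# Dotted numeric version with optional Gentoo revision (-rN). Suffixes such
# as _rc1 or _p2, letters and leading zeros are rejected rather than guessed.
_VER = re.compile(
    r"^(?P<ver>(?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(?P<rev>\d+))?$"
)


def version_key(version):
    """Turn '2.1.21-r2' into a comparable key ((2, 1, 21), 2)."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    parts = tuple(int(p) for p in m.group("ver").split("."))
    return parts, int(m.group("rev") or 0)  # no -rN means revision 0


def audit(lines):
    """Return (vulnerable, unparsed) lists from 'host atom' inventory lines."""
    vulnerable, unparsed = [], []
    for line in lines:
        host, atom = line.split()
        if not atom.startswith(PACKAGE + "-"):
            continue  # some other package
        version = atom[len(PACKAGE) + 1:]
        try:
            if version_key(version) < version_key(FIXED):
                vulnerable.append((host, version))
        except ValueError:
            unparsed.append((host, atom))  # needs manual review
    return vulnerable, unparsed


# Constructed sample inventory (hypothetical hosts, one installed atom per line).
SAMPLE = [
    "mail1 dev-libs/cyrus-sasl-2.1.21-r1",
    "mail2 dev-libs/cyrus-sasl-2.1.21-r2",
    "ldap1 dev-libs/cyrus-sasl-2.1.20",
    "web1 dev-libs/openssl-0.9.7j",
    "old1 dev-libs/cyrus-sasl-2.1.21",
    "odd1 dev-libs/cyrus-sasl-2.1.22_rc1",
]

if __name__ == "__main__":
    vulnerable, unparsed = audit(SAMPLE)
    print("upgrade needed:", vulnerable)
    print("review manually:", unparsed)
```

Versions the parser rejects are reported separately instead of being treated as unaffected, so an unusual version string cannot hide a vulnerable host.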